Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/882
+1, thanks for the hard work in getting everything cleaned up!
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/882
I ran this up and was able to complete the example and see the data flow
through to the alerts UI. Everything worked really well, and the instructions
were very clear.
I think once the
Github user cestella commented on the issue:
https://github.com/apache/metron/pull/882
@justinleet Instructions updated, good catch.
---
Github user justinleet commented on the issue:
https://github.com/apache/metron/pull/882
I ran through the instructions. The new data flowing automatically into
the default ES mapping causes the problem that fielddata isn't true, so
grouping queries don't match on the squid index
